How do I develop an adware

2020: The year of fake news, corona scams and ransomware

Avast looks back on some of the most recognizable cyber threats of the year. 2020 was dominated by the coronavirus that hit the whole world, including the cyber world. As Avast found, cyber criminals took advantage of the pandemic, targeting scams and launching phishing attacks to exploit people's weaknesses during this difficult time.

Ransomware attacks were on the rise again this year, and even medical facilities were not spared. Threats like stalkerware and adware have spread as users spend more time on their mobile devices with contact and exit restrictions. Cyber ​​criminals have tried to spread mobile adware to a younger target group via popular social platforms such as YouTube, TikTok and Instagram.

Corona fakes and scams
In addition to fake news, corona-related fake shops and malware also made the rounds in 2020. A number of scams circulated specifically targeting people looking for information about Corona and related issues such as the delivery of face masks and ventilators. Avast has observed "malvertising" campaigns adapted to the situation, as well as fake shops and counterfeit products such as cures and medicines to fight the virus that were offered online.

Hackers have used the World Health Organization name and logo to trick people into downloading malware that was distributed via email, SMS, or other means. In addition, Avast has tracked more than 600 malicious applications through, its mobile threat intelligence platform, including Trojans and spyware for mobile banking, disguised as apps that offer a corona-related service.

Fake news has spread widely during the pandemic, including claims that Bill Gates created or funded the coronavirus to sell vaccines and gain power. Other examples of fake news include conspiracy theories that state democratic governments are using the virus as an excuse to turn their systems into autocracies and that 5G is responsible for spreading the coronavirus.

Ransomware attacks
During the first few months of the pandemic, Avast saw an increase in ransomware attacks. Compared to January and February of this year, they increased by 20 percent in March and April. Several ransomware attacks were carried out on hospitals in 2020 despite the fact that cybercriminals had publicly stated that they would no longer target hospitals. Avast has supported hospitals and other companies that were attacked with ransomware.

Healthcare facilities have been attacked with Maze ransomware, which steals data, encrypts it and threatens to publish it if the ransom is not paid. The death of a woman who had to be moved to another clinic after a ransomware attack on a hospital in Düsseldorf and died on the way caused a sensation in this context. The Brno University Hospital in the Czech Republic, which is also a test center and was infected with Defray777, was among the victims.

In addition to healthcare facilities, companies such as Garmin, Jack Daniels and the Ritz in London were also affected by ransomware attacks in 2020. Other known victims of multi-million dollar ransom attacks include the University of California at San Francisco, Travelex, and California-based defense company Communications & Power Industries (CPI).

Challenges in the home office
The pandemic forced many companies to send employees home so they can work from there. According to a survey by the European Foundation for the Improvement of Living and Working Conditions, almost half of the European employees surveyed worked at least temporarily during the corona pandemic, a third of them exclusively in the home office.

Employees took their company devices home with them, which increased the attack surface for companies, since the infrastructure of the home network is usually not as secure as a company network. With millions of workers around the world using Remote Desktop Protocol (RDP) to access their corporate network remotely on a daily basis, this tool has become a powerful vector of attack. Avast has seen an increase in attacks in 2020 that specifically target the RDP for ransomware attacks.

Deep fakes take off
Deep fakes, especially with pornographic content, appeared more frequently in 2020, including explicit deep fakes by TikTok users. In a presentation at the virtual conference by Avast, CyberSec & AI, Connected, Professor Hany Farid from UC Berkeley emphasized that technology is advancing rapidly and creating deep fakes is becoming easier and easier.

The speed with which deep fakes can spread due to social media is also increasing. Farid also noted that "nothing has to be true anymore," which means people will believe fakes, especially when it comes to political deep fakes.

Phishing attacks
Phishing is a lucrative business for cyber criminals to steal money and personal information from people - and a long-running attack technique that hasn't declined in 2020 either. In March there was a sharp 7.9 percent increase in phishing attacks worldwide that used coronavirus-related topics. Over the year as a whole, however, the increase in phishing attacks with the topic of Covid-19 was small with an increase of 1 percent.

Mobile adware developers use social media channels to distribute their "products"
Of all the Android threats that Avast detected in 2020, adware was the most prominent malware with a share of nearly 50 percent in the first quarter, over 27 percent in the second and 29 percent in the third quarter. The HiddenAds family, a trojan disguised as a safe and useful application but displaying intrusive advertisements, stood out as it kept making it back to the Google Play Store. Avast has also discovered scam apps in the Apple App Store. This year alone, the Avast Threat Lab found over 50 fraudulent apps on Google Play and the App Store that needed to be removed.

Stalkerware is a growing category of malware with both worrying and dangerous implications. The Avast Threat Lab found spyware and stalkerware increased 51 percent from March to June compared to the first two months of the year.

In the spring, Avast found parallels between the use of stalkerware and the corona lockdown. Stalkerware is usually stealthily installed on cell phones by friends, jealous spouses and life partners, ex-partners, and even worried parents without the victim's knowledge, for the purpose of tracking the victim's physical whereabouts or visits to websites on the internet, text messages and phone calls to monitor.

There was a 10.2 percent increase in calls, according to an article by researchers at Brigham Young University in the United States, who compared domestic violence emergency calls in 14 major US cities before and after corona-related contact restrictions began.

The Technical University of Munich and the Leibniz Institute for Economic Research surveyed 3,800 women between the ages of 18 and 65 in Germany about their experiences with domestic violence during the Corona crisis. The survey shows that physical violence against women has recently increased by 3.1 percent and emotional violence by 3.8 percent.